Hyperledger genesis.block and TLS CA Cert

Question

If I open a hyperledger fabric genesis.block, there are CA certificates in the block. What I do not understand is why a "Transport Layer Security" CA cert has to be in the genesis.block. Also note that in the documentation, it says that currently TLS CA certificates can not be revoked, which would be another reason NOT to include the TLS CA certs in the genesis.block.

If someone could shed some light on this I would appreciate it.

Answer 1

According to my understanding If you enabled TLS mode on peers and orderers. The block itself needs the cert to communicate with those nodes. if that part is left blank at least when you get peer into channel and it starts to send the broadcast to orderers, the latter would pump bad tls certificate message and deny the connection.